Zero Inbound Access
Zero Inbound Access clusters build on the security available in Private Network clusters, by allowing clusters to be created without publicly routable IPs. This is distinct from Private Network Clusters, which have a gateway node with a publicly routable IP.
This configuration is a security best practice and a security requirement for many organizations as it reduces the potential attack vectors to compromise servers running back end services.
Features of Zero Inbound Access clusters include:
- Instances in Zero Inbound Access cluster have no publicly routable IPs.
- All the limitations and features of Private Network clusters.
- (For a more complete list, please refer to Security Features Overview)
Alike Private Network Clusters, all inter-node communication within data-layer clusters (Cassandra, Kafka etc) occurs within a private network.
Instaclustr will automatically provision a gateway server which uses reverse SSH to enable cluster management only accessible to the Instaclustr technical operations team. The gateway is firewalled to only be accessible only from Instaclustr’s management system and has no publicly routable IP.
Zero Inbound Access is currently only available as an option on newly provisioned clusters.
Limitations
- Only available for newly created clusters
- Only available for clusters provisioned in RIYOA and On-Premises accounts
How to Provision
To create using API or Terraform see the relevant documentation. For provisioning via the Console follow these steps:
How to Provision a Zero Inbound Access Cluster via Console
1. On the Create Cluster Page, enable “Zero Inbound Access”. In the below example, we provision an Apache Cassandra cluster, but all Instaclustr applications support Zero Inbound Access.
2. Proceed to the Confirmation page, and the Zero Inbound Access option is shown as an enterprise feature. Finally, select Create Cluster.
